Updated libreswan packages fix security vulnerability

Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the...

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

UBUNTU-CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

CVE-2020-1763

Libreswan pluto daemon contained an out-of-bounds buffer read in versions 3.27–3.31. An unauthenticated attacker could crash libreswan by sending specially crafted IKEv1 Informational Exchange packets; the daemon respawns after the crash. Documented advisories from Debian, Mageia, Gentoo, and oth...

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

CVE-2020-1763

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. Mitigation Red Hat has investigated whether a...

libreswan: DoS attack via malicious IKEv1 informational exchange message

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash...

Multiple Huawei products cross-border read vulnerability (CNVD-2020-28979)

The Huawei AR1200, among others, is an enterprise router from Huawei, a Chinese company. The buffer error vulnerability exists in several Huawei products and stems from a failure to read data from the end of an expected buffer when parsing a specific message. An attacker could exploit the...

Microsoft Windows user32 Icon Extraction Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Debian: Security Advisory (DLA-2136-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2136-1] libvpx security update

Package : libvpx Version : 1.3.0-3+deb8u3 CVE ID : CVE-2020-0034 It was discovered that there was an out-of-bounds buffer read vulnerability in libvpx, a library implementing the VP8 & VP9 video codecs. For Debian 8 "Jessie", this issue has been fixed in libvpx version 1.3.0-3+deb8u3. We recommen...

Symantec Endpoint Protection Manager secars Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

RHEL 8 : curl (RHSA-2019:3701)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3701 advisory. The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTT...

Moderate: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

The vulnerability of the rtreenode() function in the SQLite database management system allows a attacker to cause a service failure, execute arbitrary code, or disclose sensitive information.

The vulnerability of the rtreenode function in the SQLite database management system is related to the occurrence of read operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause service failures, execute arbitrary code, or disclose sensitive informati...

CVE-2019-10507

Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640,...

CVE-2019-10507

Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640,...

Information Disclosure

php is vulnerable to information disclosure. An attacker is able to read past allocated buffer in the exifprocessIFDTAG function by using malicious files. This can also be used to crash the application...

Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunkint.cpp may cause a denial of service application crash due to a heap-based buffer over-read via a crafted PNG file...